资 源 简 介
Project Motivation
Cross-site scripting is one of the most pervasive web application security vulnerabilities present in today"s applications, ranking at the top of the most recent OWASP Top Ten (2007). Recently, UI frameworks have emerged that allow application developers to create web components quickly and effortlessly. Java EE facilitates this ability by providing JSP tags that can be conglomerated as a tag library, such as was done with Java Server Faces (JSF). These tags allow developers to create rich user interfaces by parameterizing attributes of the web component. With the advent of this design, a unique opportunity arises to prevent cross-site scripting. If tag libraries offered built-in protection from cross-site scripting, then using parameterized web components to prevent cross-site scripting could become analogous to using parameterized queries to prevent SQL injection. However, security is not always in mind when such tag libraries are developed and thus
文 件 列 表
output
column.html
commandButton.html
commandLink.html
dataTable.html
form.html
graphicImage.html
inputHidden.html
inputSecret.html
inputText.html
inputTextarea.html
message.html
messages.html
outputFormat.html
outputLabel.html
outputLink.html
outputText.html
panelGrid.html
panelGroup.html
report.html
selectBooleanCheckbox.html
selectManyCheckbox.html
selectManyListbox.html
selectManyMenu.html
selectOneListbox.html
selectOneMenu.html
selectOneRadio.html
test
